Diffstat (limited to 'www/profile.php')
-rw-r--r-- | www/profile.php | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/www/profile.php b/www/profile.php
new file mode 100644
index 0000000..6a4222e
--- /dev/null
+++ b/www/profile.php
@@ -0,0 +1,191 @@
+<?php
+/***************************************************************************
+ Copyright (C) 2004 - 2006 Scuttle project
+ http://sourceforge.net/projects/scuttle/
+ http://scuttle.org/
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ ***************************************************************************/
+
+require_once 'www-header.php';
+
+/* Service creation: only useful services are created */
+// No specific services
+$tplVars['loadjs'] = true;
+
+/* Managing all possible inputs */
+isset($_POST['submittedPK']) ? define('POST_SUBMITTEDPK', $_POST['submittedPK']): define('POST_SUBMITTEDPK', '');
+isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
+isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', '');
+isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', '');
+isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', '');
+isset($_POST['pPrivateKey']) ? define('POST_PRIVATEKEY', $_POST['pPrivateKey']): define('POST_PRIVATEKEY', '');
+isset($_POST['pEnablePrivateKey']) ? define('POST_ENABLEPRIVATEKEY', $_POST['pEnablePrivateKey']): define('POST_ENABLEPRIVATEKEY', '');
+isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', '');
+isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', '');
+isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', '');
+
+isset($_POST['token']) ? define('POST_TOKEN', $_POST['token']): define('POST_TOKEN', '');
+isset($_SESSION['token']) ? define('SESSION_TOKEN', $_SESSION['token']): define('SESSION_TOKEN', '');
+isset($_SESSION['token_stamp']) ? define('SESSION_TOKENSTAMP', $_SESSION['token_stamp']): define('SESSION_TOKENSTAMP', '');
+
+
+@list($url, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
+
+if ($user) {
+
+ if (is_int($user)) {
+ $userid = intval($user);
+ } else {
+ $user = urldecode($user);
+ $userinfo = $userservice->getObjectUserByUsername($user);
+ if ($userinfo == NULL) {
+ $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ exit();
+ } else {
+ $userid = $userinfo->getId();
+ }
+ }
+} else {
+ $tplVars['error'] = T_('Username was not specified');
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ exit();
+}
+
+$tplVars['privateKeyIsEnabled'] = '';
+if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
+ $title = T_('My Profile');
+ $tplVars['privateKey'] = $currentUser->getPrivateKey(true);
+
+ if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+ $tplVars['privateKeyIsEnabled'] = 'checked="checked"';
+ } else {
+ $tplVars['privateKeyIsEnabled'] = '';
+ }
+} else {
+ $title = T_('Profile') .': '. $user;
+ $tplVars['privateKey'] = '';
+}
+$tplVars['pagetitle'] = $title;
+$tplVars['subtitle'] = $title;
+
+$tplVars['user'] = $user;
+$tplVars['userid'] = $userid;
+
+/* Update Private Key */
+if (POST_SUBMITTEDPK!='' && $currentUser->getId() == $userid) {
+ $userinfo = $userservice->getObjectUserByUsername($user);
+ $tplVars['privateKey'] = $userservice->getNewPrivateKey();
+}
+
+if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
+ $error = false;
+ $detPass = trim(POST_PASS);
+ $detPassConf = trim(POST_PASSCONF);
+ $detName = trim(POST_NAME);
+ $detPrivateKey = trim(POST_PRIVATEKEY);
+ $detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY);
+ $detMail = trim(POST_MAIL);
+ $detPage = trim(POST_PAGE);
+ $detDesc = filter(POST_DESC);
+
+ // manage token preventing from CSRF vulnaribilities
+ if ( SESSION_TOKEN == ''
+ || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal
+ || SESSION_TOKEN != POST_TOKEN) {
+ $error = true;
+ $tplVars['error'] = T_('Invalid Token');
+ }
+
+ if ($detPass != $detPassConf) {
+ $error = true;
+ $tplVars['error'] = T_('Password and confirmation do not match.');
+ }
+ if ($detPass != "" && strlen($detPass) < 6) {
+ $error = true;
+ $tplVars['error'] = T_('Password must be at least 6 characters long.');
+ }
+ if (!$userservice->isValidEmail($detMail)) {
+ $error = true;
+ $tplVars['error'] = T_('E-mail address is not valid.');
+ }
+ if (!$error) {
+ if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) {
+ $tplVars['error'] = T_('An error occurred while saving your changes.');
+ } else {
+ $tplVars['msg'] = T_('Changes saved.');
+ }
+ }
+ $userinfo = $userservice->getObjectUserByUsername($user);
+ $tplVars['privateKey'] = $userinfo->getPrivateKey(true);
+ if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) {
+ $tplVars['privateKeyIsEnabled'] = 'checked="checked"';
+ } else {
+ $tplVars['privateKeyIsEnabled'] = '';
+ }
+}
+
+if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
+ $templatename = 'profile.tpl.php';
+} else {
+ $scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
+
+ if (isset($_POST['action']) && $_POST['action'] == 'registerCurrentCert') {
+ if (!$scert->hasValidCert()) {
+ $tplVars['error'] = T_('You do not have a valid SSL client certificate');
+ } else if (false !== $scert->getUserIdFromCert()) {
+ $tplVars['error'] = T_('This certificate is already registered');
+ } else if (false === $scert->registerCurrentCertificate($currentUser->getId())) {
+ $tplVars['error'] = T_('Failed to register SSL client certificate.');
+ } else {
+ $tplVars['msg'] = T_('SSL client certificate registered.');
+ }
+ } else if (isset($_POST['action']) && $_POST['action'] == 'deleteClientCert'
+ && isset($_POST['certId'])
+ ) {
+ $certId = (int)$_POST['certId'];
+ $cert = $scert->getCert($certId);
+
+ if ($cert === null) {
+ $tplVars['error'] = T_('Certificate not found.');
+ } else if ($cert->uId != $currentUser->getId()) {
+ $tplVars['error'] = T_('The certificate does not belong to you.');
+ } else if (false === $scert->delete($certId)) {
+ $tplVars['error'] = T_('Failed to delete SSL client certificate.');
+ } else {
+ $tplVars['msg'] = T_('SSL client certificate deleted.');
+ }
+ }
+
+ //Token Init
+ $_SESSION['token'] = md5(uniqid(rand(), true));
+ $_SESSION['token_stamp'] = time();
+
+ $templatename = 'editprofile.tpl.php';
+
+ $tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
+ $tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
+ $tplVars['currentCert'] = null;
+ if ($scert->hasValidCert()) {
+ $tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
+ }
+}
+
+$tplVars['objectUser'] = $userinfo;
+$templateservice->loadTemplate($templatename, $tplVars);
+?>
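Review bot: The CSRF token check (`SESSION_TOKEN == '' || time() - SESSION_TOKENSTAMP > 600 || SESSION_TOKEN != POST_TOKEN`) guards only the `POST_SUBMITTED` branch; the state-changing `registerCurrentCert` and `deleteClientCert` handlers further down, and the `POST_SUBMITTEDPK` branch, run on any POST from a logged-in user without it. The ownership test `$cert->uId != $currentUser->getId()` does not cover this, since a forged POST still carries the victim's session and client certificate, so both `action` branches should be preceded by the same token check, e.g. `if (SESSION_TOKEN == '' || SESSION_TOKEN != POST_TOKEN) { $tplVars['error'] = T_('Invalid Token'); } else if (isset($_POST['action']) && ...`, provided the cert forms in editprofile.tpl.php carry the token field. While there, the loose `!=` on the token compares strings with PHP's numeric-string rules and should be a constant-time `!hash_equals(SESSION_TOKEN, POST_TOKEN)` where the target PHP version supports it, and `md5(uniqid(rand(), true))` is a weak token source compared with a CSPRNG such as `random_bytes()`. Separately, `is_int($user)` is always false for a string produced by `explode()`, so the numeric-id branch is dead code and `$userinfo`, later assigned to `$tplVars['objectUser']`, is only ever set on the username path.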